When chip cards are being produced, there are two stages in the production process which have to do with loading data into the card, namely initialization and personalization.
During initialization, the structures that will be needed later on, such as files and directories and the correlation between them, are created in the memory of the chip card. Also loaded into the chip card is data, this data being the same for all the cards in a given series or run. Where initialization is concerned, speed has a significant impact on cost.
During personalization, secret and/or card-specific information is loaded into the chip card. If for example the number of the card-issuing body, which is the same for all the cards, was recorded at the time of initialization, then at the time of personalization it is for example the credit card number, which is specific to the card, which is programmed into the memory of the card. An important requirement in this case is that personalization should be possible only for those data fields which are intended to be personalized. It must be ensured that the data is written to the right place, i.e. only to the fields which were set aside for personalizing data at the time of initialization. The way in which this requirement is met is that so-called placeholders are loaded into the memory of the chip card during initialization. When personalizing, data is then being transmitted to a field intended for such data during personalization, additional information is passed to the chip card along with the personalizing data. This additional information is then compared with the information stored in the placeholder. If the two sets of information are the same, the personalizing data is written to the memory of the chip card. However, a check of this kind is not sufficiently robust to rule out the possibility of misuse. There are known chip cards which have a plurality of chip card applications stored on them. A chip card application is a service which the chip card is able to provide, such as a payment function (chip card application A) or an electronic driver's license (chip card application B). To guarantee security when the chip card is being personalized, it is necessary for the chip card applications to be isolated from one another at the time of personalization, i.e. for it to be ensured that only the provider of chip card application A is able to personalize chip card application A or in other words is able to load data for chip card application A into the card. The same applies to the provider of chip card application B and to any other chip card applications. To date, secure isolation between chip card applications at the time of personalization has not been achieved in any chip card personalizing system.
The object of the present invention is to provide a method for the improved initialization and personalization of chip cards and a chip card for this purpose.